The Sm@rtEdgeLaw Group

- "Smart companies need a Sm@rtEdge" TM

Category: Cybersecurity

What Does That Clause Mean in State Data Breach Statutes?

In light of the President’s recent call for enactment of the Personal Data Notification and Protection Act, containing a 30-day notification deadline, it’s worth noting that at present most state breach laws require state residents to be notified “without unreasonable delay,” which strikes me as a better compromise. Only Florida (30 days), Ohio (45 days), VT (45 days) and […]

Breach Update: Home Depot Confirms 56 Million Cards Impacted

Over the past week we’ve been assisting clients in responding to the recent confirmed Home Depot breach.  While information regarding the scale and scope of the breach of point-of-sale systems in the U.S. and Canada has been developing, Home Depot’s release late yesterday of an updated press release (available here), provides additional public details: 56 million […]

Client Alert: Encryption for EMV and PoS Terminals

Clients field us questions on encryption constantly: What type to use, the differences between encryption-at-rest versus in transit, what qualifies as “strong” encryption under current best practices, key management, which encryption methods meet “government” standards so as to provide “reasonable security,” recommendations for encrypted email vendors… the list goes on. However, a recent story focusing on EMV cards, which […]

FFIEC Rolls Out Cybersecurity Website For Financial Institutions

The Federal Financial Institutions Examination Council (“FFIEC”) recently launched a new cybersecurity website, effectively creating another valuable resource for financial institutions when it comes to addressing cybersecurity matters. Although less well known than Federal agencies with direct oversight and regulatory authority, the FFIEC “is a formal interagency body empowered to prescribe uniform principles, standards, and […]

Thanks to those who attended our IAPP KnowledgeNet CT Meeting

A quick thanks to all those who attended our IAPP KnowledgeNet meeting, held yesterday in Hartford, and to my co-chairs Bruce Raymond and Catherine Itravina. There was a good turnout and many new faces around the table. After an informative presentation covering lessons learned from the Target data breach, by Pamela Gupta, President of Outsecure, Inc., […]

Sm@rtEdgeLaw Now a Member of InfraGard – Cybersecurity Partnership

We’re pleased to announce that founding attorney, Richard Santalesa, has been accepted as a member of InfraGard, and looks forward to employing InfraGard’s expertise on behalf of Sm@rtEdgeLaw’s client base and our communities. InfraGard is a partnership between the FBI and the private sector as “an association of persons who represent businesses, academic institutions, state […]

Ready to Revisit Your Cloud Contracts? FedRAMP is Ramping Up With Three Public Webinars

Those who follow cloud computing on the federal level know the Federal Risk and Authorization Management Program (“FedRAMP”) is tasked with developing a “government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.”  We expect FedRAMP to have a broader ripple effect for corporate cloud contracting, […]

Join us June 12 at IAPP KnowledgeNet CT

Please join us at the upcoming IAPP KnowledgeNet CT on June 12, 4-6pm, at the offices of Shipman & Goodwin LLP, One Constitution Plaza, Hartford, CT 06103. Refreshments will be served. Our topic: Data Breach Responses: Practical Lessons From the Target Trenches and Beyond. Our meeting will include featured speakers and a group round table discussion […]

Data Broker Study from FTC Reveals a Big Data World

Data brokers have been under increased scrutiny lately – from Congress, the press and joined again this week by the Federal Trade Commission, which released a 109-page study of nine data brokers entitled Data Brokers: A Call For Transparency and Accountability (the “Report”), which examined nine data brokers to determine the types and scope of personal information data collected. What […]

FTC Slaps Snapchat Over Privacy Policy & Practices

Recently, the Federal Trade Commission snapped at Snapchat over its privacy policy and representations made regarding the company’s mobile application.  The FTC’s action has raised some eyebrows.  But it has also raised awareness that promises made in a privacy policy matter.  What did Snapchat do wrong and what are the key takeaways you should adopt […]

NIST Releases “Security by Design” Public Draft Guidance

Following on the heels of the National Institute of Standards and Technology’s (“NIST”) release of the Framework for Improving Critical Infrastructure Cybersecurity (a/k/a the “Cybersecurity Framework” – see our coverage here and here), NIST unveiled yesterday a 123-page initial draft for public comment of Special Publication 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. […]

SEC Issues Cybersecurity Risk Alert

Building on its stated goals for 2014, the U.S. Securities and Exchange Commission (“SEC”) recently issued a Cybersecurity Risk Alert through its Office of Compliance Inspections and Examinations (“OCIE”) that provides important additional information regarding the SEC’s ongoing initiative to assess cybersecurity preparedness in the financial and securities industry subject to its jurisdiction. As we […]

Then there were 47… Kentucky enacts data breach statute

Since 2010 the number of states with data breach notification statutes was stalled at 46.  No longer.  Kentucky is now the 47th state to enact a data breach notification statute, effective July 14, 2014. Kentucky’s new data breach notification statute, appearing in Ken. Rev. Stat. Chapter 365 (as amended by H.B. 232 on April 10, […]

© 2014-2022 Sm@rtEdge LLC. All Rights Reserved. Attorney advertising. Prior results do not guarantee a similar outcome.